NASA borrows a page from Defense situational awareness book

As agency looks to secure space assets, some lessons emerge from the Defense Department

By Amber Corrin

Mar 17, 2010

The need for real-time access in monitoring networks and communications systems has top priority for military information technology, but situational awareness is important outside the Defense Department as well, especially in space. As NASA looks to defend the sphere beyond what the four services cover, cues from DOD are helping to secure U.S. interests in space.

And it's not just space NASA's IT office must secure: on its computer networks NASA has around 18,000 employee users and 44,000 contractor users. The agency also has about 4,000 internal Web sites and another 4,000 public-facing sites — and a budget of roughly $166 billion to manage it all, Jerry Davis, NASA deputy chief information officer for IT security, said March 16 at the Input Federal Executive breakfast in McLean, Va.

“NASA has a ginormous attack surface, so that requires real-time situational awareness. We need to have drill-down capabilities, down to a single actor, system or application,” Davis said.

An increased emphasis on mission-enabling and integration across organizational boundaries echoes current areas of focus for DOD as well. Davis said these principles, along with efficiency, security and innovation, are driving NASA as it moves into the post-space shuttle era.

Coverage of the threats, vulnerabilities, resources and assets in a context of nontraditional warfare requires everyone plugging into enterprise security, Davis said.

“Interaction between components is key to situational awareness,” he added.

NASA IT is updating its organizational structure as well, establishing new lines of reporting between CIOs and a new IT committee added to the NASA Advisory Council, which advises NASA’s governing administrator. Davis also highlighted an enhanced focus on a cybersecurity committee.

Better framework is integral as NASA moves forward with securing its infrastructure, and Davis emphasized the importance of having a road map. “Security is executing the strategy according to the road map,” he said.